Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: ensure the sandboxed preloads globals do not leak #17712

Merged
merged 1 commit into from
Apr 16, 2019
Merged

fix: ensure the sandboxed preloads globals do not leak #17712

merged 1 commit into from
Apr 16, 2019

Conversation

MarshallOfSound
Copy link
Member

Description of Change

This PR re-adds the preload wrapping we used to have for sandboxed renderers that was accidentally removed as part of C71. It takes a different approach partially due to API changes in node and partially for performance reasons. Instead of wrapping the script at runtime, we wrap the scripts at build time.

This PR enables the --standalone flag for our browserify builds and then wraps the scripts with a fake module: { exports }. Standalone will ensure nothing leaks and the fake exports will ensure that nothing gets injected onto the window object 馃憤

Release Notes

Notes: Fixed issue where sandboxed renderers could sometimes leak globals outside of the preload script

@electron-cation electron-cation bot added the new-pr 馃尡 PR opened in the last 24 hours label Apr 5, 2019
nornagon
nornagon requested changes Apr 5, 2019
View reviewed changes
spec/api-browser-window-spec.js Outdated Show resolved Hide resolved
spec/fixtures/api/no-leak.html Show resolved Hide resolved
spec/fixtures/module/empty.js Outdated Show resolved Hide resolved
BUILD.gn Outdated Show resolved Hide resolved
@electron-cation electron-cation bot removed the new-pr 馃尡 PR opened in the last 24 hours label Apr 6, 2019
nornagon
nornagon approved these changes Apr 16, 2019
View reviewed changes
BUILD.gn Outdated Show resolved Hide resolved
build/js_wrap.py Outdated Show resolved Hide resolved
spec/fixtures/api/no-leak.html Show resolved Hide resolved
@codebytere codebytere merged commit be6fb7c into master Apr 16, 2019
@release-clerk
Copy link

release-clerk bot commented Apr 16, 2019

Release Notes Persisted

Fixed issue where sandboxed renderers could sometimes leak globals outside of the preload script

@codebytere
Copy link
Member

@MarshallOfSound this is gonna need manual bp to 5-0-x

@codebytere codebytere deleted the wrap-bundles branch April 16, 2019 17:57
@trop
Copy link
Contributor

trop bot commented Apr 16, 2019

I was unable to backport this PR to "5-0-x" cleanly;
you will need to perform this backport manually.

MarshallOfSound added a commit that referenced this pull request Apr 16, 2019
@MarshallOfSound
fix: ensure the sandboxed preloads globals do not leak (#17712)
4477f29
@MarshallOfSound MarshallOfSound mentioned this pull request Apr 16, 2019
Merged
@trop
Copy link
Contributor

trop bot commented Apr 16, 2019

A maintainer has manually backported this PR to "5-0-x", please check out #17830

MarshallOfSound added a commit that referenced this pull request Apr 17, 2019
@MarshallOfSound
fix: ensure the sandboxed preloads globals do not leak (#17712) (#17830)
11c1c25
@trop
Copy link
Contributor

trop bot commented Apr 17, 2019

A maintainer has manually backported this PR to "5-0-x", please check out #17830

@sofianguy sofianguy added this to Fixed in 5.0.0-beta.9 in 5.0.x Apr 20, 2019
kiku-jw pushed a commit to kiku-jw/electron that referenced this pull request May 16, 2019
@MarshallOfSound @kiku-jw
fix: ensure the sandboxed preloads globals do not leak (electron#17712)
cef10fd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nornagon nornagon nornagon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
No open projects
5.0.x
Fixed in 5.0.0-beta.9
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@MarshallOfSound @codebytere @nornagon